I will soon be ready to take a Web Application penetration testing course. My goal is to learn in-depth web app security. I have been a web app developer for 10 years and I have been in the security field for about 2 years now. So I am looking for an intermediate/advanced course. I am looking for courses dedicated to web apps.

Also, I pay everything from my own pocket, so I am looking for the best value.

Also, there is eLearnSecurity. Web application is one of the three main focuses included in the course (System and Network security is also included). It is pretty in depth and is fairly cheap @ $599 (until the end of July). You also get a discount being an EH-Net member.

I'm currently taking it, and I find it rather informative with in-depth descriptions and good examples of tool usage. I haven't finished all modules yet due to being busy, but the material never expires and you can start the certification process whenever you're ready.

We contacted Armando, and he told us that there will be a completely stand-alone Web Application course on its way containing much more web hacking fu. In the meantime he is working on adding w3af into the VA section.

I'm currently taking the eLearnSecurity course too but you've got to remember he's looking for a more predominant focus in web application attack course. While the web application attacks section is the best section compared to other sections, it'd have slides in the course that H1t M0nk3y would most likely know (this just judging from the certifications in his signature). Essentially he'd put out the money for the course to be mainly interested in the web application section and for the certification you have to pentest a vulnerable web-app.

A colleague currently is in the 3rd week of the GWAPT course and he is not satisfied with the level of the course so far.

Regarding the other courses, I have no references.

I recently did the course and I felt it served as a very good introduction to the world of web application pen testing.

mambru wrote:

@mambru Did your colleague say why he is not satisfied with the GWAPT course? I am curious why...

He says the technical level is far too low. Also, both instructors (Kevin Johnson & Seth Misenar) spend too much time on simple things, while other important aspects are almost skipped.

That wasn't my experience. I will admit that there were areas where I would have preferred if more information was provided. But then that happens in almost ALL courses. I was fairly satisfied with the technical content.

I think I will go through some books instead for the next few months. I haven't seen anything convincing so far. Again, I pay everything myself and before putting $4000 on a course + travel or pay $500 for a bunch of PDFs, I may as well read a few books!

I am pushing right now!

I will go through a few books on web app pentests and I will see. I may then buy a GWAPT practice exam and see where I stand. I did that for GSEC and finally passed the exam without the course!